Strapi Vulnerable to SQL Injection in Content Type Builder - @strapi/content-type-builder
- Severity:
- High
Description
No description available.
Recommendation
Update the @strapi/content-type-builder package to the latest compatible version. Followings are version details:
- Affected version(s): >= 5.0.0, < 5.33.2
- Patched version(s): 5.33.2
References
Related Issues
- Strapi Vulnerable to SQL Injection in Content Type Builder - CVE-2026-22599
- Nodejs ‘undici’ vulnerable to CRLF Injection via Content-Type - CVE-2022-35948
- Kysely has a MySQL SQL Injection via Backslash Escape Bypass in non-type-safe usage of JSON path keys. - CVE-2026-33442
- Parse Server vulnerable to SQL injection via `Increment` operation on nested object field in PostgreSQL - CVE-2026-31856
You might also like:
- Tags:
- npm
- @strapi/content-type-builder
Anything's wrong? Let us know Last updated on May 15, 2026